ibmcom/ace
Official IBM App Connect Enterprise for Developers image
1M+
The replacement is now available at https://www.ibm.com/docs/en/app-connect/12.0?topic=cacerid-building-sample-app-connect-enterprise-image-using-docker
This repository contains some Dockerfiles and some scripts which demonstrate a way in which you might run IBM App Connect Enterprise in a Docker container.
The base image contains a full installation of IBM App Connect Enterprise for Developers Version 11.0.0.9, as well as some system configuration and user creation.
The source to these images can be found under the releases of https://github.com/ot4i/ace-docker. Note that the latest image may not align with latest code in GitHub (master branch)
A pre-built version of the App Connect Enterprise image is available with the following tags:
11.0.0.0
11.0.0.2
11.0.0.3
11.0.0.4
11.0.0.5-amd64
11.0.0.5.1-amd64
11.0.0.6-amd64
11.0.0.6.1-amd64
11.0.0.7-r1-amd64
11.0.0.8-r1-amd64
11.0.0.9-r1-amd64
, latest
In order to use the image, it is necessary to accept the terms of the IBM App Connect Enterprise license. This is achieved by specifying the environment variable LICENSE
equal to accept
when running the image. You can also view the license terms by setting this variable to view
. Failure to set the variable will result in the termination of the container with a usage statement. You can view the license in a different language by also setting the LANG
environment variable.
To run a container using this image with default configuration and these settings:
ACESERVER
7600
7600
run the following command:docker run --name aceserver -p 7600:7600 -p 7800:7800 -p 7843:7843 --env LICENSE=accept --env ACE_SERVER_NAME=ACESERVER ibmcom/ace:latest
Once the console shows that the integration server is listening on port 7600, you can go to the App Connect Enterprise UI at http://localhost:7600/. To stop the container, run docker stop aceserver
and the container will shut down cleanly, stopping the integration server.
accept
to agree to the App Connect Enterprise license. If you wish to see the license you can set this to view
.true
to start a Queue Manager and set the Integration Server to use it.true
to generate Prometheus metrics for your Integration Server.true
if you intend to secure your Integration Server using SSL.To enable dynamic configuration of the Integration Server, this setup supports configuration injected into the image as files.
Before the Integration Server starts, the container is checked for the folder /home/aceuser/initial-config
. For each folder in /home/aceuser/initial-config
a script called ace_config_{folder-name}.sh
will be run to process the information in the folder.
Shell scripts are supplied for the list of folders below, but you can extend this mechanism by adding your own folders and associated shell scripts.
/home/aceuser/ace-server
.initial-config
directory with data can be found in the sample
folder, as well as the [command on how to mount it when running the image]((sample/README.md#run-the-sample-image).You can mount the following file structure at /home/aceuser/initial-config
. Missing folders will be skipped, but empty folders will cause an error:
/home/aceuser/initial-config/keystore
.crt
. The alias must not contain any whitespace characters..key
..pass
.ACE_KEYSTORE_PASSWORD
..crt
file must have an associated .key
file, and a .pass
file must be present if the private key has a passphrase./home/aceuser/initial-config/odbcini
odbc.ini
. This must be an odbc.ini
file suitable for the Integration Server to use when connecting to a database. This will be copied to /home/aceuser/ace-server/odbc.ini
./home/aceuser/initial-config/policy
.policyxml
files, each with the suffix .policyxml
, and a single policy.descriptor
file. These will be copied to /home/aceuser/ace-server/overrides/DefaultPolicies/
. They should be specified in the server.conf.yaml
section in order to be used./home/aceuser/initial-config/serverconf
server.conf.yaml
that contains a server.conf.yaml
overrides file. This will be copied to /home/aceuser/ace-server/overrides/server.conf.yaml
/home/aceuser/initial-config/setdbparms
mqsisetdbparms
include a text file called setdbparms.txt
. This supports 2 formats:
# Lines starting with a "#" are ignored# Each line which starts mqsisetdbparms will be run as written # Alternatively each line should specify the <resource> <userId> <password>, separated by a single space# Each line will be processed by calling...# mqsisetdbparms ${ACE_SERVER_NAME} -n <resource> -u <userId> -p <password>resource1 user1 password1resource2 user2 password2mqsisetdbparms -w /home/aceuser/ace-server -n salesforce::SecurityIdentity -u myUsername -p myPassword -c myClientID -s myClientSecret
/home/aceuser/initial-config/truststore
.crt
. The alias must not contain any whitespace characters.ACE_TRUSTSTORE_PASSWORD
/home/aceuser/initial-config/webusers
admin-users.txt
. It contains a list of users to be created as admin
users using the command mqsiwebuseradmin
. These users will have READ, WRITE and EXECUTE access on the Integration Server. The file has the following format:
# Lines starting with a "#" are ignored# Each line should specify the <user> <password>, separated by a single space# Each user will have "READ", "WRITE" and "EXECUTE" access on the integration server# Each line will be processed by calling...# mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r adminadmin1 password1admin2 password2
operator-users.txt
. It contains a list of users to be created as operator
users using the command mqsiwebuseradmin
. These users will have READ and EXECUTE access on the Integration Server. The file has the following format:
# Lines starting with a "#" are ignored# Each line should specify the <user> <password>, separated by a single space# Each user will have "READ" and "EXECUTE" access on the integration server# Each line will be processed by calling...# mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r operatoroperator1 password1operator2 password2
editor-users.txt
. It contains a list of users to be created as editor
users using the command mqsiwebuseradmin
. These users will have READ and WRITE access on the Integration Server. The file has the following format:
# Lines starting with a "#" are ignored# Each line should specify the <user> <password>, separated by a single space# Each user will have "READ" and "WRITE" access on the integration server# Each line will be processed by calling...# mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r editoreditor1 password1editor2 password2
audit-users.txt
. It contains a list of users to be created as audit
users using the command mqsiwebuseradmin
. These users will have READ access on the Integration Server. The file has the following format:
# Lines starting with a "#" are ignored# Each line should specify the <user> <password>, separated by a single space# Each user will have "READ" access on the integration server# Each line will be processed by calling...# mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r auditaudit1 password1audit2 password2
viewer-users.txt
. It contains a list of users to be created as viewer
users using the command mqsiwebuseradmin
. These users will have READ access on the Integration Server. The file has the following format:
# Lines starting with a "#" are ignored# Each line should specify the <user> <password>, separated by a single space# Each user will have "READ" access on the integration server# Each line will be processed by calling...# mqsiwebuseradmin -w /home/aceuser/ace-server -c -u <user> -a <password> -r viewerviewer1 password1viewer2 password2
/home/aceuser/initial-config/mqsc
config.mqsc
. It contains a list of mqsc commands which will be processed on start by runmqsc
command. Further details can be found in the MQ Knowledge Center/home/aceuser/initial-config/agent
/home/aceuser/initial-config/extensions
extensions.zip
will be extracted into the directory /home/aceuser/ace-server/extensions
. This allows you to place extra files into a directory you can then reference in, for example, the server.conf.yaml/home/aceuser/initial-config/ssl
/home/aceuser/ace-server/ssl
/home/aceuser/ace-server/ssl
/home/aceuser/ace-server/ssl
The logs from the integration server running within the container will log to standard out. The log entries can be output in two formats:
docker logs
or kubectl logs
The output format is controlled by the LOG_FORMAT
environment variable.
A sample Kibana dashboard is available from GitHub
The accounting and statistics feature in IBM App Connect Enterprise provides the component level data with detailed insight into the running message flows to enabled problem determination, profiling, capacity planning, situation alert monitoring and charge-back modelling.
A Prometheus exporter runs on port 9483 if ACE_ENABLE_METRICS
is set to true
- the exporter listens for accounting and statistics, and resource statistics, data on a websocket from the integration server, then aggregates this data to make available to Prometheus when requested.
A sample Grafana dashboard is available from GitHub
The Dockerfile and associated scripts are licensed under the Eclipse Public License 2.0. Licenses for the products installed within the images are as follows:
LICENSE=view
environment variable as described above./usr/share/doc/${package}/copyright
Note that the IBM App Connect Enterprise for Developers license does not permit further distribution.
© Copyright IBM Corporation 2015, 2019
docker pull ibmcom/ace